However, the company should provide a proper automatic security patch as soon as possible because the number of attacks that exploit it are increasing, Blasco said.

The Sykipot Trojan program has been used during the past year in targeted attacks against U.S. federal agencies, defense contractors and other organizations that store sensitive data on their computer systems.

One of the new Sykipot attack campaigns targeted potential attendees to the 2013 IEEE Aerospace Conference, a conference intended for aerospace experts, academics, military personnel and industry leaders.

Each Sykipot variant is tailored for a particular group of targets, Blasco said. For example, in January, AlienVault researchers found a version designed to bypass two-factor authentication based on PC/SC x509 smart cards, which commonly used for access management in the defense sector.

The Sykipot variants distributed in the recent attacks use a slightly modified obfuscation for their configuration files and communicate with the command and control (C&C) servers over SSL. The C&C domains they contact have been registered in the past month, Blasco said.